US11539689B2ActiveUtilityA1

System, method, and apparatus for authenticating a user device

71
Assignee: VISA INT SERVICE ASSPriority: Jan 19, 2021Filed: Jan 19, 2021Granted: Dec 27, 2022
Est. expiryJan 19, 2041(~14.5 yrs left)· nominal 20-yr term from priority
H04L 2463/082H04L 9/0863H04L 63/0838H04L 9/0861
71
PatentIndex Score
1
Cited by
11
References
20
Claims

Abstract

Provided is a method, system, and apparatus for authenticating a user device. The method includes registering a device identifier with at least one transformation rule, receiving a request for authentication comprising a device identifier associated with a user device, obtaining a one-time password (OTP) in response to receiving the request, communicating the OTP to the user device, receiving a transformed OTP from the user device, and authenticating the user device based on the OTP, the transformed OTP, and the at least one transformation rule.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method, comprising:
 registering, with at least one processor, a device identifier with at least one transformation rule; 
 receiving, with at least one processor, a request for authentication comprising a device identifier associated with a user device; 
 obtaining, with at least one processor, a one-time password (OTP) in response to receiving the request; 
 communicating, with at least one processor, a message comprising the OTP to the user device; 
 automatically parsing the message with an application executing on the user device; 
 automatically extracting the OTP from the message with the application executing on the user device; 
 automatically transforming the OTP with the application executing on the user device based on the at least one transformation rule to generate a transformed OTP, the at least one transformation rule configured to automatically expire within a predetermined time period; 
 receiving, with at least one processor, the transformed OTP from the user device; and 
 authenticating the user device, with at least one processor, based on the OTP, the transformed OTP, and the at least one transformation rule. 
 
     
     
       2. The computer-implemented method of  claim 1 , wherein the request for authentication is received from a service provider system. 
     
     
       3. The computer-implemented method of  claim 1 , wherein the at least one transformation rule comprises at least one of the following: an algebraic function, a digit manipulation, a cryptographic function, or any combination thereof. 
     
     
       4. The computer-implemented method of  claim 1 , wherein the OTP is communicated to the user device via a Short Message Service (SMS), and wherein the transformed OTP is received from the user device via manual entry of the transformed OTP via a webpage or application. 
     
     
       5. The computer-implemented method of  claim 1 , wherein the transformed OTP is communicated to the user device via a Mobile Originated (MO) message, and wherein the OTP is received from the user device automatically via an application executed on the user device. 
     
     
       6. The computer-implemented method of  claim 1 , wherein the device identifier comprises a telephone number corresponding to the user device. 
     
     
       7. The computer-implemented method of  claim 1 , wherein registering the device identifier with the at least one transformation rule comprises:
 receiving, from the user device or a separate computing device, a registration request message comprising the device identifier and a user identifier; 
 displaying, on the user device or a separate computing device, at least one graphical user interface configured to receive the at least one transformation rule from the user; 
 communicating a Short Message Service (SMS) message comprising an initial OTP to the user device; 
 receiving, from the user device, a responsive SMS message comprising an initial transformed OTP; 
 generating a comparison OTP by applying the at least one transformation rule to the initial OTP; 
 comparing the comparison OTP to the initial transformed OTP; and 
 in response to determining that the comparison OTP matches the initial transformed OTP based on comparing, registering the device identifier with the at least one transformation rule in an authentication database. 
 
     
     
       8. A system for authenticating a user device, comprising:
 a memory 
 at least one processor programmed or configured to:
 register a user identifier with at least one transformation rule; 
 receive, from a user device, a request for authentication comprising the user identifier; 
 obtain a one-time password (OTP) in response to receiving the request; 
 communicate a message comprising the OTP to the user device; 
 automatically parse the message with an application executing on the user device; 
 automatically extract the OTP from the message with the application executing on the user device; 
 automatically transform the OTP with the application executing on the user device based on the at least one transformation rule to generate a transformed OTP, the at least one transformation rule configured to automatically expire within a predetermined time period; 
 receive the transformed OTP from the user device; and 
 authenticate the user device based on the OTP, the transformed OTP, and the at least one transformation rule. 
 
 
     
     
       9. The system of  claim 8 , wherein the request for authentication is received from a service provider system. 
     
     
       10. The system of  claim 8 , wherein the at least one transformation rule comprises at least one of the following: an algebraic function, a digit manipulation, a cryptographic function, or any combination thereof. 
     
     
       11. The system of  claim 8 , wherein the OTP is communicated to the user device via a Short Message Service (SMS), and wherein the transformed OTP is received from the user device via manual entry of the transformed OTP via a webpage or application. 
     
     
       12. The system of  claim 8 , wherein the transformed OTP is communicated to the user device via a Mobile Originated (MO) message, and wherein the OTP is received from the user device automatically via an application executed on the user device. 
     
     
       13. The system of  claim 8 , wherein a device identifier comprises a telephone number corresponding to the user device. 
     
     
       14. The system of  claim 8 , wherein registering a device identifier with the at least one transformation rule comprises:
 receiving, from the user device or a separate computing device, a registration request message comprising the device identifier and a user identifier; 
 displaying, on the user device or a separate computing device, at least one graphical user interface configured to receive the at least one transformation rule from the user; 
 communicating a Short Message Service (SMS) message comprising an initial OTP to the user device; 
 receiving, from the user device, a responsive SMS message comprising an initial transformed OTP; 
 generating a comparison OTP by applying the at least one transformation rule to the initial OTP; 
 comparing the comparison OTP to the initial transformed OTP; and 
 in response to determining that the comparison OTP matches the initial transformed OTP based on comparing, registering the device identifier with the at least one transformation rule in an authentication database. 
 
     
     
       15. A computer program product for authenticating a user device, comprising at least one non-transitory computer-readable medium comprising one or more instructions that, when executed by at least one processor, cause the at least one processor to:
 register a user identifier with at least one transformation rule; 
 receive, from a user device, a request for authentication comprising the user identifier; 
 obtain a one-time password (OTP) in response to receiving the request; 
 communicate a message comprising the OTP to the user device; 
 automatically parse the message with an application executing on the user device: 
 automatically extract the OTP from the message with the application executing on the user device; 
 automatically transform the OTP with the application executing on the user device based on the at least one transformation rule to generate a transformed OTP, the at least one transformation rule configured to automatically expire within a predetermined time period; 
 receive the transformed OTP from the user device; and 
 authenticate the user device based on the OTP, the transformed OTP, and the at least one transformation rule. 
 
     
     
       16. The computer program product of  claim 15 , wherein the request for authentication is received from a service provider system. 
     
     
       17. The computer program product of  claim 15 , wherein the at least one transformation rule comprises at least one of the following: an algebraic function, a digit manipulation, a cryptographic function, or any combination thereof. 
     
     
       18. The computer program product of  claim 15 , wherein the OTP is communicated to the user device via a Short Message Service (SMS), and wherein the transformed OTP is received from the user device via manual entry of the transformed OTP via a webpage or application. 
     
     
       19. The computer program product of  claim 15 , wherein the transformed OTP is communicated to the user device via a Mobile Originated (MO) message, and wherein the OTP is received from the user device automatically via an application executed on the user device. 
     
     
       20. The computer program product of  claim 15 , wherein registering the device identifier with the at least one transformation rule comprises:
 receiving, from the user device or a separate computing device, a registration request message comprising the device identifier and a user identifier; 
 displaying, on the user device or a separate computing device, at least one graphical user interface configured to receive the at least one transformation rule from the user; 
 communicating a Short Message Service (SMS) message comprising an initial OTP to the user device; 
 receiving, from the user device, a responsive SMS message comprising an initial transformed OTP; 
 generating a comparison OTP by applying the at least one transformation rule to the initial OTP; 
 comparing the comparison OTP to the initial transformed OTP; and 
 in response to determining that the comparison OTP matches the initial transformed OTP based on comparing, registering the device identifier with the at least one transformation rule in an authentication database.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.